Hyper-V and Spectre/Meltdown: Protecting Your Hosts – Do This!

SMThere is a lot of information swirling around out there on what to do with the latest Spectre/Meltdown vulnerabilities. Whereas I can’t tell you how to solve the vulnerabilities for for every Hardware and Operating System combination, I can tell you how to get your Hyper-V environments protected.  You might be interested in every fine detail of what is happening or you may want to just find out how to get protected as quick as possible.  If you are interested in the latter, then this is the blog to start with.    Here are the no nonsense steps that will protect your Hyper-V hosts.  I will be making a second post for the VMs running on these hosts.

Windows 2012 R2 and Windows 2016 Hosts

All Associated Files for Fixing and Testing for Spectre/Meltdown can be found HERE:

reg add “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management” /v FeatureSettingsOverride /t REG_DWORD /d 0 /f

reg add “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management” /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f

reg add “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization” /v MinVmVersionForCpuBasedMitigations /t REG_SZ /d “5.0” /f

    • OR through Group Policy Registry Preference if you want to get to a baseline throughout your environment across all your hosts.

 

 

* Other Firmware Moduldes that I use can be found here:  https://1drv.ms/f/s!AkBgjSJPQpxUnLQwzcraOFu8i5CsuA

 

Testing:

  • Download the Following Test Scripts from HERE and place them on a folder on your Hyper-V host.
    • SpeculationControl.psd1
    • SpeculationControl.psm1
    • SpeculationControl-runme.ps1
  • Open PowerShell and Change your Directory to the location of your scripts i.e. CD \Spectre_Meltdown
  • Run Import-Module .\SpeculationControl.psd1
  • Run Get-SpeculationControlSettings
  • If patched correctly, your results should look like the screenshot below.

PS_Commands_ScreenShot

If it looks like this, with lots of green, you are on the right track.  Check back to see if there are any other additions that come out in the next few days/weeks.

 

Sources for More Information:

https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/CVE-2017-5715-and-hyper-v-vms

Support Guidance:

https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution

 

 

 

 

Advertisements
This entry was posted in Hyper-V, PowerShell, Vendor, Windows Server 2012 R2, Windows Server 2016 and tagged , , , , , , , , , , , , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s